17

I need to open a local html file in the browser. The javascript works fine but ajax stops working and XMLHttpRequest gives a cross origin error. Is there a way to run ajax from local directory. It is necessary for me that it is run from local file only.

Thanks

User4870
  • 386
  • 1
  • 4
  • 12
  • 2
    Possible duplicate of [XmlHttpRequest error: Origin null is not allowed by Access-Control-Allow-Origin](http://stackoverflow.com/questions/3595515/xmlhttprequest-error-origin-null-is-not-allowed-by-access-control-allow-origin) – Lucas Torres Apr 19 '17 at 10:46

5 Answers5

13

For anyone who wants to know, I had to run a server in the app to serve the js files. Seems like it's not possible to do it without running a server. If anyone knows of another way, do tell.

User4870
  • 386
  • 1
  • 4
  • 12
  • 2
    Some reference on what this means and how to do it would help. – Self Dot Apr 27 '21 at 15:45
  • For anyone else seeking an easy way to do this, I can open html files locally and preview their contents within Visual Studio Code, when VSCode is loaded as an administrator. – Sidders Sep 26 '22 at 03:09
  • 1
    For those wanting an easy solution to get up and running in 5 minutes, the following sites were handy: https://github.com/lwsjs/local-web-server/wiki/How-to-launch-a-secure-local-web-server-(HTTPS) OR https://timnwells.medium.com/quick-and-easy-http-servers-for-local-development-7a7df5ac25ff (I used the Python section) – mcmuffin6o Apr 28 '23 at 18:43
3

The simplest way to allow this in Firefox is to navigate to about:config, look for the privacy.file_unique_originsetting and toggle it off.

Essentially, Firefox used to treat local files from the same directory as being from the same source, thus CORS was happily satisfied. That behavior changed after CVE-2019-11730 was discovered.

It worked fine for me on 84.0.1 on Arch. Just be sure to turn it off when not locally debugging.

Source

koepnick
  • 49
  • 1
  • 1
    I would not recommend turning this on and off. The accepted answer is the proper way to deal with this issue – Kerwin Sneijders Jan 21 '21 at 00:52
  • did not work for me. @KerwinSneijders why should I fire up a webserver for a quick local test, especially for a simple HTML file that includes some JS? Unnecessary complexity for a simple task... – xeruf Mar 25 '22 at 14:57
  • @xeruf If you can be 100% sure you always turn it back on afterwards it's... okay... I guess. But turning off security features like this should never be recommended. – Kerwin Sneijders Mar 25 '22 at 17:38
  • @KerwinSneijders that might be true if there is a “correct” way; e.g. a way to edit policy. There does not appear to be a correct way. – fectin May 14 '22 at 16:27
1

If you are using VS Code, the Live Server extension might help you. It resolved a cross-origin issue I was having when editing a webpage.

https://marketplace.visualstudio.com/items?itemName=ritwickdey.LiveServer

JamesBock
  • 81
  • 7
-2

If you are using chrome, try this extension

CORS allows web applications on one domain to make cross domain AJAX requests to another domain. It's dead simple to enable, only requiring a single response header to be sent by the server.

What this extension does is add to response header rule - Access-Control-Allow-Origin: *

You can do that manually also by sending a response header.

For simple CORS requests, the server only needs to add the following header to its response: Access-Control-Allow-Origin: *

Read this for more info.

Ayush Seth
  • 1,169
  • 10
  • 21
-2

If you are able to change the server code, you can try adding the string "null" to allowed origins. In Chrome, it sends the origin as "null" if it's running from a local file.

Here's an example in ASP.NET Core for setting up the "null" origin:

services.AddCors(options =>
{
    options.AddPolicy("InsecurePolicy",
        builder => builder
            .WithOrigins("null")
            .AllowAnyMethod()
            .AllowAnyHeader()
            .AllowCredentials());
});

Note that this is not recommended, but might be good enough if you just need it during development.

Dusklight
  • 92
  • 1
  • 3